Hi jognt76, Yes, that’s Ok.
Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.
According to the logs, you’ve run GMER. Please post here the GMER logfile located on your Desktop:
First what you need to do is to uninstall and remove the PUP software:
Start > Control Panel > Programs and Features, uninstall the following:
Movies Toolbar for Chrome
Movies Toolbar for Firefox
Then we shall tell FRST to target the malware and some PUP entries if they remain after the uninstall process. It is necessary to set Google Chrome back to Google; Ask should be removed from your search scope.
Anti-VBS/VBE is a tool for an additional check. Lastly, MCShield is a tool that scans all removable (USB) drives, and if malware is there (naturally, this malware attempts to copy its files to each drive in an attempt to spread), MCS shall clean it.
FRST’s FixList
1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.
Start
(Microsoft Corporation) C:\Windows\System32\wscript.exe
C:\Users\SUPREM~1\AppData\Local\Temp\*.vbs
C:\Users\Supreme Court\AppData\Local\Temp\dc_jcclz.dll
C:\Users\Supreme Court\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Supreme Court\AppData\Local\Temp\install_flashplayer11x32ax_gtbp_chra_aih.exe
C:\Users\Supreme Court\AppData\Local\Temp\Quarantine.exe
C:\Users\Supreme Court\AppData\Local\Temp\Uninst.exe
C:\Users\Supreme Court\AppData\Local\Temp\{319752EC-087C-4593-A006-17A8360BFCCD}-27.0.1453.94_26.0.1410.64_chrome_updater.exe
C:\Users\Supreme Court\AppData\Local\Temp\{3F86FC32-2D79-4B62-B3C8-C9AFEB57A33F}-31.0.1650.57_30.0.1599.101_chrome_updater.exe
C:\Users\Supreme Court\AppData\Local\Temp\{9A6CB044-A7F3-48D3-B148-6C1A005125C6}-32.0.1700.76_31.0.1650.63_chrome_updater.exe
C:\Users\Supreme Court\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.vbs
C:\Users\Supreme Court\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob
C:\Users\Supreme Court\AppData\Local\ilividmoviestoolbarha
HKU\S-1-5-21-2458930710-739713664-1444440201-1000\...\Run: [jmwycewqcr] - wscript.exe //B "C:\Users\SUPREM~1\AppData\Local\Temp\jmwycewqcr..vbs" <===== ATTENTION
Startup: C:\Users\Supreme Court\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jmwycewqcr..vbs ()
CHR Extension: (Movies Toolbar) - C:\Users\Supreme Court\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob [2013-12-11]
CHR HKLM\...\Chrome\Extension: [aaaaabcbmongicmdegkmmfgdickgnnob] - C:\Users\Supreme Court\AppData\Local\ilividmoviestoolbarha\GC\toolbar.crx [2013-11-05]
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
AlternateDataStreams: C:\Windows:nlsPreferences
CMD: ipconfig /flushdns
CMD: DEL %TEMP%\*.* /F /S /Q
CMD: RD /S /Q %TEMP%
REBOOT:
End
2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warns you about an outdated version, please download and run the updated version.
Set Google Chrome home URL and search scope back to Google
Follow these instructions and set the Chrome URL and search scope to google.com:
https://support.google.com/chrome/answer/95314?hl=en
Anti-VBS/VBE Scan
Please download Anti-VBSVBEx86.exe to your Desktop.
- Double click to run the tool and wait until it finishes.
- It will make a log named Anti-VBSVBE.txt. Please attach it to your reply.
MCShield Scan
Please download MCShield from one of the following links:
MCShield - Official download link
- Double click on MCShield-Setup to install the application.
Next => I Agree => Next => Install … per installation click on Run! button.
- Wait a few seconds for MCShield to finish the initial HDD scan…
- Connect all your USB storage devices to the computer one at a time. Scanning will be done automatically.
- When all scanning is done, you need to post the log report that MCShield has created.
Under the Logs tab (in Control Center), in the AllScans.txt log section, click on the Save button. The AllScans.txt report shall be located on your Desktop.
=> Post AllScans.txt here
Explanation: USB storage devices are all the USB devices that get their own partition letter when connected to the PC,
e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras,
memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.
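
As an added example (not part of the original post and not FRST's own code): a small Python triage that flags the autostart line shapes seen in the fixlist above (a script launched from a Run key or the Startup folder, IFEO Debugger values, alternate data streams) and reports a script registered at more than one autostart location. The rule labels and the `triage` and `repeated_scripts` helpers are assumptions made for illustration; the sample lines are copied from the fixlist.

```python
import ntpath
import re
from collections import defaultdict

# Sample input: lines copied from the fixlist on this page.
SAMPLE = r'''HKU\S-1-5-21-2458930710-739713664-1444440201-1000\...\Run: [jmwycewqcr] - wscript.exe //B "C:\Users\SUPREM~1\AppData\Local\Temp\jmwycewqcr..vbs" <===== ATTENTION
Startup: C:\Users\Supreme Court\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jmwycewqcr..vbs ()
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
AlternateDataStreams: C:\Windows:nlsPreferences
CMD: ipconfig /flushdns'''

# A drive-letter path ending in a Windows Script Host extension.
SCRIPT = r'(?P<item>[A-Za-z]:\\[^"<>|]+?\.(?:vbs|vbe|js|jse|wsf))\b'

# One rule per line shape seen in the fixlist; not a full FRST log parser.
RULES = [
    ("run-key-script", re.compile(r'\\Run: \[[^\]]+\] - .*?' + SCRIPT, re.I)),
    ("startup-script", re.compile(r'^Startup: ' + SCRIPT, re.I)),
    ("ifeo-debugger", re.compile(r'^IFEO\\(?P<item>[^:]+): \[Debugger\] ', re.I)),
    ("alternate-data-stream",
     re.compile(r'^AlternateDataStreams: (?P<item>\S+)', re.I)),
]

def triage(text):
    """Return (label, item) for every line that matches a rule."""
    findings = []
    for line in text.splitlines():
        for label, rx in RULES:
            m = rx.search(line)
            if m:
                findings.append((label, m.group("item")))
                break
    return findings

def repeated_scripts(findings):
    """Script file names registered at more than one autostart location."""
    seen = defaultdict(set)
    for label, item in findings:
        if label.endswith("-script"):
            # ntpath parses Windows paths on any host OS.
            seen[ntpath.basename(item).lower()].add(label)
    return sorted(name for name, labels in seen.items() if len(labels) > 1)

if __name__ == "__main__":
    for label, item in triage(SAMPLE):
        print(f"{label:22} {item}")
    print("multiple autostarts:", repeated_scripts(triage(SAMPLE)))
```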